labels / annotation propagation doesn't work with helm chart #63

Open
pgacek opened this issue Aug 30, 2022 · 0 comments

Hi,
aws-secret-operator deployed from the helm chart does not have the recent CRD.

```
NAME               	NAMESPACE	REVISION	UPDATED                              	STATUS  	CHART                    	APP VERSION
aws-secret-operator	test   	1       	2022-08-26 14:35:41.937816 +0200 CEST	deployed	aws-secret-operator-0.2.3	0.5.2
```

When I try to apply the AWSSecret definition and create labels on the secret, I get an error:

```yaml
---
apiVersion: mumoshu.github.io/v1alpha1
kind: AWSSecret
metadata:
  name: aws-secret1
  labels:
    app_name: test-app1
  annotations:
    app_name: test1
spec:
  type: Opaque
  metadata:
    labels:
      app_name: test-app1
  stringDataFrom:
    secretsManagerSecretRef:
      secretId: Secret
      versionId: xxxx
```

```
$ k apply -f awssecret.yaml

error: error validating "awssecret.yaml": error validating data: ValidationError(AWSSecret.spec): unknown field "metadata" in io.github.mumoshu.v1alpha1.AWSSecret.spec; if you choose to ignore these errors, turn validation off with --validate=false
```

It looks like the CRD installed via the helm chart is an old CRD version which doesn't support spec.metadata.labels/annotations.

```
kg crd awssecrets.mumoshu.github.io -oyaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  creationTimestamp: "2022-08-26T12:35:38Z"
  generation: 1
  name: awssecrets.mumoshu.github.io
  resourceVersion: "425710227"
  uid: e1fbb32e-8ba5-4588-b04e-0476eabd3d09
spec:
  conversion:
    strategy: None
  group: mumoshu.github.io
  names:
    kind: AWSSecret
    listKind: AWSSecretList
    plural: awssecrets
    singular: awssecret
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: AWSSecret is the Schema for the awssecrets API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AWSSecretSpec defines the desired state of AWSSecret
            properties:
              dataFrom:
                description: DataFrom data field is used to store arbitrary data,
                  encoded using base64.
                properties:
                  secretsManagerSecretRef:
                    description: SecretsManagerSecretRef defines from which SecretsManager
                      Secret the Kubernetes secret is built See https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html
                      for the concepts
                    properties:
                      secretId:
                        description: SecretId is the SecretId a.k.a `--secret-id`
                          of the SecretsManager secret version
                        type: string
                      versionId:
                        description: VersionIdis the VersionId a.k.a `--version-id`
                          of the SecretsManager secret version
                        type: string
                    type: object
                type: object
              stringDataFrom:
                description: StringDataFrom stringData field is provided for convenience,
                  and allows you to provide secret data as unencoded strings.
                properties:
                  secretsManagerSecretRef:
                    description: SecretsManagerSecretRef defines from which SecretsManager
                      Secret the Kubernetes secret is built See https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html
                      for the concepts
                    properties:
                      secretId:
                        description: SecretId is the SecretId a.k.a `--secret-id`
                          of the SecretsManager secret version
                        type: string
                      versionId:
                        description: VersionIdis the VersionId a.k.a `--version-id`
                          of the SecretsManager secret version
                        type: string
                    type: object
                type: object
              type:
                description: Used to facilitate programmatic handling of secret data.
                type: string
            type: object
          status:
            description: AWSSecretStatus defines the observed state of AWSSecret
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: AWSSecret
    listKind: AWSSecretList
    plural: awssecrets
    singular: awssecret
  conditions:
  - lastTransitionTime: "2022-08-26T12:35:38Z"
    message: no conflicts found
    reason: NoConflicts
    status: "True"
    type: NamesAccepted
  - lastTransitionTime: "2022-08-26T12:35:38Z"
    message: the initial names have been accepted
    reason: InitialNamesAccepted
    status: "True"
    type: Established
  storedVersions:
  - v1alpha1
```

I've manually updated the CRD:

```
k apply -f https://raw.githubusercontent.com/mumoshu/aws-secret-operator/3d4b7715d7eb7a37ed0c03d610064dd942a34576/deploy/crds/mumoshu.github.io_awssecrets.yaml

customresourcedefinition.apiextensions.k8s.io/awssecrets.mumoshu.github.io configured
```

and it looks good now:

```
k apply -f awssecret.yaml
awssecret.mumoshu.github.io/aws-secret1 configured
```

```
kg secret aws-secret1 -o yaml
apiVersion: v1
data:
  AWSVersionId: xxxxx
  password: xxxxx
  username: xxxx
kind: Secret
metadata:
  labels:
    app_name: test-app1
  name: aws-secret1
  namespace: test
.
.
.
.
type: Opaque
```

It would be nice to fix the CRD in the helm chart ;)

Also, the documentation at https://github.com/mumoshu/aws-secret-operator#advanced-configuration says to set
spec.labels / spec.annotations, but it should be spec.metadata.labels / spec.metadata.annotations.
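
An offline check for the chart/CRD drift reported above, as an added example that is not part of the original issue or the project's code: it walks a CRD's `openAPIV3Schema` and lists the manifest fields the schema does not declare. Both schemas are constructed; `CHART_SCHEMA` is trimmed from the dump in the issue, and the shape of `spec.metadata` in `UPDATED_SCHEMA` is an assumption.

```python
import copy

def unknown_fields(schema, obj, path=""):
    """Return dotted paths of fields in obj that the schema does not declare."""
    if not isinstance(obj, dict):
        return []
    props = schema.get("properties")
    extra = schema.get("additionalProperties")
    found = []
    for key, value in obj.items():
        here = f"{path}.{key}" if path else key
        if props is not None and key in props:
            found += unknown_fields(props[key], value, here)
        elif isinstance(extra, dict):      # free-form map, e.g. labels
            found += unknown_fields(extra, value, here)
        elif props is not None:            # declared object, undeclared key
            found.append(here)
        # Simplification: an object schema with neither `properties` nor
        # `additionalProperties` (metadata, status) is treated as unconstrained.
    return found

# Constructed: trimmed from the CRD dump in the issue (descriptions removed).
REF = {"type": "object", "properties": {
    "secretsManagerSecretRef": {"type": "object", "properties": {
        "secretId": {"type": "string"}, "versionId": {"type": "string"}}}}}
CHART_SCHEMA = {"type": "object", "properties": {
    "apiVersion": {"type": "string"}, "kind": {"type": "string"},
    "metadata": {"type": "object"},
    "spec": {"type": "object", "properties": {
        "dataFrom": REF, "stringDataFrom": REF, "type": {"type": "string"}}},
    "status": {"type": "object"}}}

# Assumption: the newer CRD declares spec.metadata with string-map children.
STR_MAP = {"type": "object", "additionalProperties": {"type": "string"}}
UPDATED_SCHEMA = copy.deepcopy(CHART_SCHEMA)
UPDATED_SCHEMA["properties"]["spec"]["properties"]["metadata"] = {
    "type": "object", "properties": {"labels": STR_MAP, "annotations": STR_MAP}}

# The AWSSecret manifest from the issue, as a dict.
MANIFEST = {
    "apiVersion": "mumoshu.github.io/v1alpha1", "kind": "AWSSecret",
    "metadata": {"name": "aws-secret1", "labels": {"app_name": "test-app1"},
                 "annotations": {"app_name": "test1"}},
    "spec": {"type": "Opaque", "metadata": {"labels": {"app_name": "test-app1"}},
             "stringDataFrom": {"secretsManagerSecretRef": {
                 "secretId": "Secret", "versionId": "xxxx"}}}}

if __name__ == "__main__":
    print("chart CRD:  ", unknown_fields(CHART_SCHEMA, MANIFEST))
    print("updated CRD:", unknown_fields(UPDATED_SCHEMA, MANIFEST))
```
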
